Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Bug#1031718: In some cases there is the error: connection refused (Socket error code 10061)

381 views
Skip to first unread message

Debian

unread,
Feb 21, 2023, 8:50:04 AM2/21/23
to
Package: libgnutls30
X-Debbugs-Cc: deb...@decotrain.de
Version: 3.7.1-5+deb11u2
Severity: normal

Hello,

this is more a question for ideas and support, because a bug cannot be proven.

There is a problem with the mail system on a server, that does not receive emails from certain providers any more.
The sender of the emails don't get any notice that the emails are not delivered and there is only one sender that could provide an error message. This is:

2/17/2023 12:43:19 PM - Server at PAWP195MB2418.EURP195.PROD.OUTLOOK.COM returned '550 5.4.316 Message expired, connection refused(Socket error code 10061)'
2/17/2023 12:33:05 PM - Server at domain.de (xx.79.98.xx) returned '450 4.4.316 Connection refused [Message=Socket error code 10061]

Searching the internet shows that will be caused by a routing problem, but the mail system generally works and emails are received from other senders.

The problem exists since 2023-02-15 so the idea is to search what has changed.
The only thing that has changed is that an automated security update has happened:

Start-Date: 2023-02-15  07:38:27
Commandline: apt-get upgrade -y -o Dir::Etc::SourceList=/etc/apt/security.sources.list
Upgrade: libgnutls30:amd64 (3.7.1-5+deb11u2, 3.7.1-5+deb11u3), libgnutls-dane0:amd64 (3.7.1-5+deb11u2, 3.7.1-5+deb11u3)
End-Date: 2023-02-15  07:38:32

That's the reason why the question is placed here.

The changelog only tells about an "Fix double free":
https://metadata.ftp-master.debian.org/changelogs//main/g/gnutls28/gnutls28_3.7.1-5+deb11u2_changelog

It makes no sense that this bug was needed to avoid routing problems!?

Is there any other idea for the reason of the problem?

Best regards
karsten


-- System Information:
Debian Release: 11.6
 APT prefers stable-updates
 APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-21-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Debian

unread,
Feb 21, 2023, 11:50:04 AM2/21/23
to
Maybe this error can be tracked within the Debian BTS email server?
(There should be one more reply from the system for this email that will
fail.)

There could be found other suspect log entries in the exim log:

2023-02-21 13:39:03 TLS error on connection from
scanner-25.ch1.censys-scanner.com [162.142.125.221] (gnutls_handshake):
Error in the pull function.
2023-02-21 13:39:04 TLS error on connection from
scanner-25.ch1.censys-scanner.com [162.142.125.221] (gnutls_handshake):
Error in the pull function.
2023-02-21 13:39:04 TLS error on connection from
scanner-25.ch1.censys-scanner.com [162.142.125.221] (gnutls_handshake):
No supported cipher suites have been found.
2023-02-21 13:39:05 TLS error on connection from
scanner-25.ch1.censys-scanner.com [162.142.125.221] (gnutls_handshake):
Error in the pull function.
2023-02-21 13:39:06 TLS error on connection from
scanner-25.ch1.censys-scanner.com [162.142.125.221] (gnutls_handshake):
Error in the pull function.
2023-02-21 13:39:06 TLS error on connection from
scanner-25.ch1.censys-scanner.com [162.142.125.221] (gnutls_handshake):
Error in the pull function.
2023-02-21 13:39:06 TLS error on connection from
scanner-25.ch1.censys-scanner.com [162.142.125.221] (gnutls_handshake):
Error in the pull function.
2023-02-21 13:39:07 TLS error on connection from
scanner-25.ch1.censys-scanner.com [162.142.125.221] (gnutls_handshake):
Error in the pull function.
2023-02-21 13:39:07 TLS error on connection from
scanner-25.ch1.censys-scanner.com [162.142.125.221] (gnutls_handshake):
No supported cipher suites have been found.
2023-02-21 13:39:08 TLS error on connection from
scanner-25.ch1.censys-scanner.com [162.142.125.221] (gnutls_handshake):
Error in the pull function.


=========================================

email at ow...@bugs.debian.org

=========================================


Hello Debian BTS administrators,

can you please check the log files of the mail system for a missing email?
It shoud have been send at 21 Feb 2023 13:45:01 UTC


It is regarding https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031718
Normally I get emails from the BTS engine without any problem.
As you can see the email for submit was received and processed by the
system.

The log for this submit mail is:

2023-02-21 14:41:44 1pUSXU-002AnH-Kx => sub...@bugs.debian.org
R=dnslookup T=remote_smtp H=buxtehude.debian.org [209.87.16.39]
X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 CV=no
DN="C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP
CA,CN=buxtehude.debian.org,EMAIL=hostm...@buxtehude.debian.org" K
C="250- 7971 byte chunk, total 7971\\n250 OK id=1pUSts-00Ad0p-7V"
2023-02-21 14:41:44 1pUSXU-002AnH-Kx Completed

The exact error why the mail response fails would help to solve the bug
1031718.


Thank you for your help and support

karsten

Debian

unread,
Feb 27, 2023, 6:50:03 AM2/27/23
to
The problem could be identified - it is not a problem with this library.

There port forwarding was manipulated on the incoming router, so that
port 25 has not been forwarded any more.

This bug can be closed.
0 new messages